Hi Andrei,
> For SDP server we need to bind to lower port, acquire this capability.
> ---
> android/main.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> configure.ac | 4 ++++
> 2 files changed, 57 insertions(+)
>
> diff --git a/android/main.c b/android/main.c
> index 5fef095..649867d 100644
> --- a/android/main.c
> +++ b/android/main.c
> @@ -31,6 +31,19 @@
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> +#include <unistd.h>
> +#include <errno.h>
> +#include <sys/prctl.h>
> +#include <linux/capability.h>
> +
> +/**
> + * Include <sys/capability.h> for host build and
> + * also for Android 4.3 when it is added to bionic
> + */
> +#if (defined(__ANDROID_API__) && (__ANDROID_API__ > 17)) || \
> + !defined(__ANDROID_API__)
> +#include <sys/capability.h>
> +#endif
>
> #include <glib.h>
>
> @@ -319,6 +332,43 @@ static void cleanup_mgmt_interface(void)
> mgmt_if = NULL;
> }
>
> +static bool android_set_aid_and_cap()
> +{
> + struct __user_cap_header_struct header;
> + struct __user_cap_data_struct cap;
> +
> + DBG("%s: pid %d uid %d gid %d", __func__, getpid(), getuid(), getgid());
> +
> + header.version = _LINUX_CAPABILITY_VERSION;
> + header.pid = getpid();
> + if (capget(&header, &cap) < 0)
> + error("%s: capget(): %s", __func__, strerror(errno));
> +
> + DBG("%s: Cap data 0x%x, 0x%x, 0x%x\n", __func__, cap.effective,
> + cap.permitted, cap.inheritable);
> +
> + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
> +
> + header.version = _LINUX_CAPABILITY_VERSION;
> + header.pid = 0;
> +
> + cap.effective = cap.permitted = cap.inheritable =
> + 1 << CAP_NET_RAW |
the CAP_NET_RAW should not be needed for the daemon.
> + 1 << CAP_NET_ADMIN |
> + 1 << CAP_NET_BIND_SERVICE |
> + 1 << CAP_SYS_RAWIO |
What kind of RAWIO are planning to do?
> + 1 << CAP_SYS_NICE |
Do we need to renice ourselves?
> + 1 << CAP_SETGID;
> +
> + if (capset(&header, &cap)) {
> + error("%s: capset(): %s", __func__, strerror(errno));
> + return false;
> + }
> +
> + DBG("%s: capset(): Success", __func__);
> + return true;
> +}
> +
> int main(int argc, char *argv[])
> {
> GOptionContext *context;
> @@ -357,6 +407,9 @@ int main(int argc, char *argv[])
> /* no need to keep parsed option in memory */
> free_options();
>
> + if (android_set_aid_and_cap() == false)
> + exit(1);
> +
> init_mgmt_interface();
>
> DBG("Entering main loop");
> diff --git a/configure.ac b/configure.ac
> index 3b7a5d9..af418d3 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -247,4 +247,8 @@ AC_ARG_ENABLE(android-daemon, AC_HELP_STRING([--enable-android-daemon],
> [android_daemon=${enableval}])
> AM_CONDITIONAL(ANDROID_DAEMON, test "${android_daemon}" = "yes")
>
> +if (test "${android_daemon}" = "yes"); then
> + AC_CHECK_LIB(cap, capget, dummy=yes, AC_MSG_ERROR(libcap is required))
> +fi
> +
The configure option should be --enable-android.
> AC_OUTPUT(Makefile src/bluetoothd.8 lib/bluez.pc)
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
